Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2007-5964
HistoryDec 13, 2007 - 12:00 a.m.

CVE-2007-5964

2007-12-1300:00:00
ubuntu.com
ubuntu.com
11

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

10.1%

JSON

The default configuration of autofs 5 in some Linux distributions, such as
Red Hat Enterprise Linux (RHEL) 5, omits the nosuid option for the hosts
(/net filesystem) map, which allows local users to gain privileges via a
setuid program on a remote NFS server.

Bugs

Notes

Author Note
jdstrand Ubuntu ships autofs 4, and /etc/auto.net contains the nosuid option

Related

openvas 25
fedora 4
nessus 17
debiancve 1
redhat 4
prion 1
cvelist 1
oraclelinux 2
centos 4
nvd 1
cve 1
securityvulns 1
openvas
openvas
Oracle: Security Advisory (ELSA-2007-1128)
2015-10-08 00:00:00
RedHat Update for autofs5 RHSA-2007:1129-01
2009-03-06 00:00:00
Fedora Update for autofs FEDORA-2007-4532
2009-02-27 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: autofs-5.0.1-29
2007-12-15 19:25:29
[SECURITY] Fedora 8 Update: autofs-5.0.2-20
2007-12-15 19:29:54
[SECURITY] Fedora 8 Update: autofs-5.0.2-24
2007-12-21 21:10:37
nessus
nessus
CentOS 4 : autofs5 (CESA-2007:1129)
2013-06-29 00:00:00
Scientific Linux Security Update : autofs on SL5.x i386/x86_64
2012-08-01 00:00:00
RHEL 4 : autofs5 (RHSA-2007:1129)
2007-12-13 00:00:00
debiancve
debiancve
CVE-2007-5964
2007-12-13 18:46:00
redhat
redhat
(RHSA-2007:1128) Important: autofs security update
2007-12-12 00:00:00
(RHSA-2007:1129) Important: autofs5 security update
2007-12-12 00:00:00
(RHSA-2007:1176) Important: autofs security update
2007-12-20 00:00:00
prion
prion
Default configuration
2007-12-13 18:46:00
cvelist
cvelist
CVE-2007-5964
2007-12-13 18:00:00
oraclelinux
oraclelinux
Important: autofs5 security update
2007-12-12 00:00:00
Important: autofs security update
2007-12-12 00:00:00
centos
centos
autofs security update
2007-12-12 14:56:48
autofs5 security update
2007-12-12 19:39:58
autofs security update
2008-01-13 19:05:52
nvd
nvd
CVE-2007-5964
2007-12-13 18:46:00
cve
cve
CVE-2007-5964
2007-12-13 18:46:00
securityvulns
securityvulns
autofs privilege escalation
2008-01-13 00:00:00

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

10.1%

JSON
Related for UB:CVE-2007-5964
openvas25fedora4nessus17debiancve1redhat4prion1cvelist1oraclelinux2centos4nvd1cve1securityvulns1